Ruby » Ruby master

Thanks for reporting this. I guess we shouldn't
take any actions until 1.0.1 gets officially
released.

If it should continue to break things then, we'll
have to find a way working around it. In the
meantime, I could try to find out what the change
on OpenSSL's part is supposed to do and why it
alters behavior.

Do you already know more about the intention
of this change?

I don't know yet why it was changed. However, it already breaks Ruby on Fedora 17/Rawhide, so for me, it is quite high priority to solve it.

Vit Ondruch wrote:

However, it already breaks Ruby on Fedora 17/Rawhide, so for me, it is quite high priority to solve it.

Sure, I'll try to find out how it can be circumvented. Did you try to contact OpenSSL about this? I
haven't looked into it in detail yet, so I can't tell whether it's a bug or not - just saying that if
it is, they'd probably want to know about it before releasing 1.0.1 :)

I contacted openssl's Fedora maintainer, but since he was on holidays last week, I expect some explanation tomorrow.

Vit Ondruch wrote:

I contacted openssl's Fedora maintainer, but since he was on holidays last week, I expect some explanation tomorrow.

Great, please let me know if you find out something!

Unfortunately, I didn't get very helpful response :/

Tomas Mraz 2012-02-29 11:03:26 CET

The change adds support for new types of signatures - namely PSS signatures.
I suppose in the first case the DSS1 signature is handled as SHA1 signature.
I'd probably simply skip this test.

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

[1] http://www.openssl.org//source/openssl-1.0.1.tar.gz

Also, this new OpenSSL is breaking the drb test suite:
$ make test-all TESTS="test/drb/test_drbssl.rb"
/builddir/build/BUILD/ruby-1.9.3-p125/lib/drb/ssl.rb:185: warning: SSL_accept returned=1 errno=0 state=SSLv3 write key exchange A: EVP lib (OpenSSL::SSL::SSLError)

(I previously set config[:verbose] = true in ut_array_drbssl.rb, to see this message.)

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

[1] http://www.openssl.org//source/openssl-1.0.1.tar.gz

Hi Bohuslav, hi Vit,

thanks for the info. OK, if the problem remains, I'll look into it now that 1.0.1 is released. The problem with DSS1 and RSA is probably that DSS1 was defined in combination with DSA signatures. So the notion of DSS1 formally only makes sense in combination with DSA.

It's really confusing, since DSS1 is actually the exact same algorithm as SHA-1. But it could be that behavior of accepting/rejecting it in places where SHA-1 would be expected normally (such as RSA signatures) has changed now. I'll investigate.

bkabrda (Bohuslav Kabrda) wrote:

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

Sorry, I didn't respond clearly to your question. The only reason why DSS1 is not a match with RSA is that OpenSSL aliased SHA-1 as DSS1 and initially only allowed DSS1 to be used within contexts of DSA signatures. The DSA standard seems to state something along those lines, although DSS1 is really exactly the same thing. So in a way, yes, we were asserting quirky behavior of OpenSSL with those tests rather than asserting "bare truths" :)

@Vit: To fix this quickly, I will only enable those tests for OpenSSL versions strictly smaller than 1.0.1.

@Bohuslav: As for drb, Masatoshi Seki is the maintainer, could you please open a separate ticket and assign it to him, while probably referencing this one?

MartinBosslet (Martin Bosslet) wrote:

bkabrda (Bohuslav Kabrda) wrote:

Hi Martin,
so OpenSSL v 1.0.1 is now public [1] and the problem seems to stay. I myself am not SSL expert, but why exactly should signing DSS1 with RSA2048 be a mismatch? I think that it's actually the right behaviour that it doesn't.

Sorry, I didn't respond clearly to your question. The only reason why DSS1 is not a match with RSA is that OpenSSL aliased SHA-1 as DSS1 and initially only allowed DSS1 to be used within contexts of DSA signatures. The DSA standard seems to state something along those lines, although DSS1 is really exactly the same thing. So in a way, yes, we were asserting quirky behavior of OpenSSL with those tests rather than asserting "bare truths" :)

@Vit: To fix this quickly, I will only enable those tests for OpenSSL versions strictly smaller than 1.0.1.

@Bohuslav: As for drb, Masatoshi Seki is the maintainer, could you please open a separate ticket and assign it to him, while probably referencing this one?

David, thank you very much. I opened the issue for drb: https://bugs.ruby-lang.org/issues/6221.